
Patrick Nguyen

Dedicated Security Engineer specializing in the design, implementation, and regulatory compliance of segmented OT/IT environments and critical energy infrastructure.

OT Security Engineer | Critical Infrastructure Protection | NERC CIP Compliance
Trans Bay Cable (Energy Infrastructure Subsidiary of NextEra Energy)
  • Integrated and enforced Purdue Model network segmentation protecting OT/ICS assets, reducing lateral movement risk between operational and corporate environments.
  • Deployed and administered Check Point firewalls managing 250+ rules and RBAC policies to enforce segmentation aligned with NERC CIP requirements across IT/OT environments.
  • Maintained NERC CIP-aligned firewall rule governance by documenting justification, validating service necessity, and supporting audit evidence requests.
  • Supported implementation of Dragos to enhance OT-specific threat detection within segmented control and DMZ networks.
  • Hardened ICS Active Directory environment by enforcing least-privilege policies and restricting administrative access to critical control systems.
  • Established centralized monitoring across OT assets utilizing PRTG to improve operational visibility and enable early anomaly detection within segmented control networks.
  • Designed secure remote execution pathway between segmented networks using Just Enough Administration (JEA) for PowerShell, enabling controlled cross-boundary operations without violating segmentation policies.
  • Investigated and triaged SIEM alerts in Tripwire Log Center by correlating firewall, endpoint, and system logs, assessing severity and operational impact to validate or dismiss potential security threats.
  • Implemented automated and secure configuration backups for Check Point firewalls using SCP with key-based authentication to ensure configuration integrity and rapid recovery capability.
  • Deployed Trend Micro Apex One agents across ICS and DMZ networks, enhancing endpoint visibility and malware protection within segmented OT environments.
  • Led consolidation and reorganization of 10+ server racks housing 200+ assets, upgrading power circuits from 20A to 30A to increase load capacity, improve distribution efficiency, and support future infrastructure growth.
  • Led procurement and implementation of a centralized cyber asset inventory system to improve asset traceability and support compliance and management initiatives.
IT Security Intern
Trans Bay Cable
  • Assisted in implementation of NERC CIP-007-6 controls, designing firewall rulesets to restrict unnecessary logical ports and services.
  • Conducted port analysis on critical HVDC infrastructure systems, reducing exposed services by approximately 40%.
  • Supported enterprise-wide implementation of MFA (DUO) across company endpoints integrated with Active Directory.
Firewalls & Networking
Check Point, Cisco Firepower, Network Segmentation, VPN, ACLs, TCP, IP Networking, Network Security, Information Security
OT / ICS Security
Purdue Model Architecture, NERC CIP, SCADA/ICS Environments, Asset Visibility
Security Operations
SIEM Analysis, Vulnerability Management, Endpoint Protection, Tripwire Log Center
Identity & Infrastructure
Active Directory, Group Policy (GPO), RBAC, Windows Server, Check Point Identity Awareness, Linux, Cisco ISE, TACACS+
Cloud (Exposure)
AWS S3, CloudFront, Route 53, DynamoDB, Lambda, API Gateway
B.S. Business Administration — Information Technology
Spring 2021
California State University East Bay
Hayward, CA
AWS SAA
Solutions Architect Associate
AWS CCP
Certified Cloud Practitioner